<html>
<body>
Reports non-constant string concatenations used as a format string argument.
<p>
  While occasionally intended, this is usually a misuse of a formatting method
  and may even cause security issues if the variables used in the concatenated string
  contain special characters like <code>%</code>.
</p>
<p>
  Also, sometimes this could be the result
  of mistakenly concatenating a string format argument by typing a <code>+</code> when a <code>,</code> was meant.
</p>
<p><b>Example:</b></p>
<pre><code>
  static String formatGreeting(String userName) {
    return String.format("Hello, " + userName);
  }
</code></pre>
<p>
  Here, the <code>userName</code> will be interpreted as a part of format string, which may result
  in <code>IllegalFormatException</code> (for example, if <code>userName</code> is <code>"%"</code>) or
  in using an enormous amount of memory (for example, if <code>userName</code> is <code>"%2000000000%"</code>).
  The call should be probably replaced with <code>String.format("Hello, %s", userName);</code>.
</p>
<p>
  This inspection checks calls to formatting methods on
  <code>java.util.Formatter</code>,
  <code>java.lang.String</code>,
  <code>java.io.PrintWriter</code>,
  or <code>java.io.PrintStream</code>.
</p>
<!-- tooltip end -->
</body>
</html>